Hi all,
I am a pentester by trade, but have been asked to do a forensics-like job. The job involves determining whether a specific application leaves any sensitive data behind on a laptop after use. The application is basically a Citrix-like application, which uses a VPN to communicate back to a restricted and sensitive network.
I am assuming the types of tools I would be looking for include the following
- a tool that snapshots the harddrive before and after use of the application, so that I can look at the "diff"/difference/delta for anything sensitive,
- a tool that does the same as above, but for memory, and/or
- a tool that monitors and records all writes to the harddrive and memory for a specific application, so that I can investigate later.
Are there specific tool suggestions that do the above? Are there any other suggestions for how I might approach this job?
Some more info
- I have one Windows XP laptop and one Windows Vista laptop that will be provided for the job with the application installed. I have other Windows based laptops if needed.
- I would much prefer freely downloadable tools, as this job doesn't pay that much and I don't want to spend money for a tool that I may only use once. I may consider purchasing a tool though.
Any help greatly appreciated!
BullyBoy.
Process Monitor will help you accomplish some of your goals.
http//